The Colonial Pipeline, a major U.S. oil pipeline, shut down its operations for a week after falling victim to a cyberattack. This resulted in a hike in prices and a shortage of oil in some places. The Georgia-based company operates the largest petroleum pipeline in the United States, carrying around 2.5 million barrels a day of gasoline, diesel, heating oil, and jet fuel on its 5,500-mile route from Texas to New Jersey.
A ransomware attack from what appears to be a criminal hacker group based in Eastern Europe took the pipeline down, causing the recently-elected Biden administration to declare a regional state of emergency to keep some of the oil supply moving until pipeline service was restored. The cyberattack seems to be one of the largest ever on an American energy system, and yet another example of cybersecurity vulnerabilities that President Joe Biden has promised to address.
On May 13, it was reported that the Colonial Pipeline had paid a $5 million ransom to DarkSide. The group has reportedly been described as “rather strange” to some extent: hackers with morals who had previously donated some of their ransom proceeds to charity.
The Justice Department tracked down some of the bitcoin paid to DarkSide by Colonial Pipeline by reviewing the public ledger and identifying a specific address. It is said that the US Federal Bureau of Investigation has a private key that can access assets at specific bitcoin addresses. However, it is still unclear how the FBI happened to have access to an address that is presumably operated by DarkSide.
In a statement issued by the FBI, Deputy Director Paul Abbate said, “There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors, we will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”
In an interview with SiliconANGLE, John Hammond, a senior security researcher at managed detection and response firm Huntress Labs Inc., said that one of the most enabling factors of modern cybercrime is the rise of cryptocurrencies.
“No other technology offers the perfect crime: anonymous threats without borders, blackmail, and extortion without a financial oversight or governing authority,” he said. “These almost always go undetected because, despite currencies like Bitcoin and Ethereum offering a public ledger, there is nothing to stop criminals from laundering money through an automated mixer. Bad actors can ‘wash’ the money by having it go through many transactions until it has no apparent ties to the origin. Unless the bad actors make any unintentional mistake, the inherent design of cryptocurrency makes for a perfect getaway car.”
Hammond adds that it’s refreshing to see that thorough investigation and detective work could help recover money for Colonial Pipeline, but unless something is done about cryptocurrencies, things could get worse.